ESET researchers have discovered a link between the Tesco Bank breach and the Retefe malware. The Retefe trojan horse goes after users’ online banking credentials, which can be then misused to conduct fraudulent transactions. Thousands more could be at risk as there is quite a lengthy list of other banks located in many other countries in this malware’s crosshairs. Jonathan Sander, VP of Product Strategy at Lieberman Software commented below.
Jonathan Sander, VP of Product Strategy at Lieberman Software:
“The Retefe malware, suspected as the main culprit in the Tesco attack, is a perfect example of the thorough, professional attacks hitting the internet today. Retefe thinks of everything. It targets many banks other than Tesco. It makes the fake website appear secure to relax the user expecting to see “https” and the browser’s indication that things are good. Retefe even has a mobile component to take over codes sent to your phone. Too many people still think the bad guys are loners in basements. But when there is profit motive, it’s more likely that the bad guys are calculating, patient pros who can be recognized by the high quality of their work like Retefe.
The reason Retefe malware and others like it are so dangerous is that they completely compromise one end of a secure communication. If you and I talk on the phone, only one of our phones needs to be bugged for the bad guy to capture both sides of our conversation. If the bad guy owns your machine, you can put all the security you want on the server and it won’t matter. When you have the user change their password, the bad guy sees it. When you switch up the website process, the bad guy sees that too and can emulate it. The only thing that can be truly effective is a very diligent end user who knows what to look for. That means all the banks can do is offer tips on how to spot the fake sites collecting user data that the malware creates and hope the user is diligent enough to learn and watch for signs of the bad guys at work.”
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Experts Insight On US Pipeline Shut After Cyberattack
Most Active Commenters
Recent Comments
“Cybersecurity Awareness Month’s new evergreen theme "Secure Our World” is…
“Avoid storing data on personal devices: A crucial but often overlooked…
“I recommend a new nuance to passwords that isn’t often…
“In my role overseeing cloud environments and incident response, I'm…
“Cybersecurity Awareness Month serves as a reminder to confront the…